What is the vulnerability ID for this Cisco Common Services Platform Collector vulnerability?

The vulnerability ID for this Cisco Common Services Platform Collector vulnerability is CVE-2019-1723.

What is the severity of CVE-2019-1723?

The severity of CVE-2019-1723 is critical.

Is authentication required to exploit CVE-2019-1723?

No, authentication is not required to exploit CVE-2019-1723.

How can I fix CVE-2019-1723?

To fix CVE-2019-1723, upgrade to a version between 2.8.0 and 2.8.1.2 or install a version between 2.7.2 and 2.7.4.6 of the Cisco Common Services Platform Collector.

Vulnerability/
CVE-2019-1723

critical

CWE

798 264

13/3/2019

21/11/2024

CVE-2019-1723: Cisco Common Services Platform Collector Static Credential Vulnerability

Q: How does CVE-2019-1723 impact affected devices?

CVE-2019-1723 allows an unauthenticated remote attacker to access an affected device using a default, static password.

First published: Wed Mar 13 2019(Updated: )

A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account. For Cisco CSPC 2.7.x, Cisco fixed this vulnerability in Release 2.7.4.6. For Cisco CSPC 2.8.x, Cisco fixed this vulnerability in Release 2.8.1.2.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Common Services Platform Collector	>=2.7.2<2.7.4.6
Cisco Common Services Platform Collector	>=2.8.0<2.8.1.2
	>=2.7.2<2.7.4.6
	>=2.8.0<2.8.1.2

Remedy

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this Cisco Common Services Platform Collector vulnerability?
The vulnerability ID for this Cisco Common Services Platform Collector vulnerability is CVE-2019-1723.
What is the severity of CVE-2019-1723?
The severity of CVE-2019-1723 is critical.
How does CVE-2019-1723 impact affected devices?
CVE-2019-1723 allows an unauthenticated remote attacker to access an affected device using a default, static password.
Is authentication required to exploit CVE-2019-1723?
No, authentication is not required to exploit CVE-2019-1723.
How can I fix CVE-2019-1723?
To fix CVE-2019-1723, upgrade to a version between 2.8.0 and 2.8.1.2 or install a version between 2.7.2 and 2.7.4.6 of the Cisco Common Services Platform Collector.

collector/nvd-index
agent/weakness
agent/type
agent/remedy
agent/title
agent/references
agent/severity
agent/description
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/last-modified-date
agent/softwarecombine
agent/event
agent/tags
agent/source
vendor/cisco
canonical/cisco common services platform collector
version/cisco common services platform collector/2.7.2
version/cisco common services platform collector/2.8.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.